mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-17 10:26:15 +00:00
Code Issues Releases Activity

Run the plain SHA digest tests from NIST.

Browse Source 
Pass in an explicit digest length to the Crypto constructor since it
was assuming only sessions with a MAC key would have a MAC.  Passing
an explicit size allows us to test the full digest in HMAC tests as
well.

Reviewed by:	cem
MFC after:	1 month
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D19884
This commit is contained in:
John Baldwin 2019-04-24 00:16:39 +00:00
parent c091d0d95d
commit de0f7dca5e
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=346616
2 changed files with 55 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tests/sys/opencrypto/cryptodev.py
View File

@ -151,8 +151,9 @@ def getcridname(crid):
return _findop(crid, '')[1]
def __init__(self, cipher=0, key=None, mac=0, mackey=None,
crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE):
crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE, maclen=None):
self._ses = None
self._maclen = maclen
ses = SessionOp2()
ses.cipher = cipher
ses.mac = mac
@ -168,9 +169,6 @@ def __init__(self, cipher=0, key=None, mac=0, mackey=None,
ses.mackeylen = len(mackey)
mk = array.array('B', mackey)
ses.mackey = mk.buffer_info()[0]
self._maclen = 16 # parameterize?
else:
self._maclen = None
if not cipher and not mac:
raise ValueError('one of cipher or mac MUST be specified.')

66
tests/sys/opencrypto/cryptotest.py
View File

@ -114,7 +114,8 @@ def runGCM(self, fname, mode):
c = Crypto(cryptodev.CRYPTO_AES_NIST_GCM_16,
cipherkey,
mac=self._gmacsizes[len(cipherkey)],
mackey=cipherkey, crid=crid)
mackey=cipherkey, crid=crid,
maclen=16)
except EnvironmentError, e:
# Can't test algorithms the driver does not support.
if e.errno != errno.EOPNOTSUPP:
@ -260,10 +261,54 @@ def runTDES(self, fname):
###############
@unittest.skipIf(cname not in shamodules, 'skipping SHA on %s' % str(cname))
def test_sha(self):
# SHA not available in software
pass
#for i in iglob('SHA1*'):
# self.runSHA(i)
for i in katg('shabytetestvectors', 'SHA*Msg.rsp'):
self.runSHA(i)
def runSHA(self, fname):
# Skip SHA512_(224|256) tests
if fname.find('SHA512_') != -1:
return
for hashlength, lines in cryptodev.KATParser(fname,
[ 'Len', 'Msg', 'MD' ]):
# E.g., hashlength will be "L=20" (bytes)
hashlen = int(hashlength.split("=")[1])
if hashlen == 20:
alg = cryptodev.CRYPTO_SHA1
elif hashlen == 28:
alg = cryptodev.CRYPTO_SHA2_224
elif hashlen == 32:
alg = cryptodev.CRYPTO_SHA2_256
elif hashlen == 48:
alg = cryptodev.CRYPTO_SHA2_384
elif hashlen == 64:
alg = cryptodev.CRYPTO_SHA2_512
else:
# Skip unsupported hashes
# Slurp remaining input in section
for data in lines:
continue
continue
for data in lines:
msg = data['Msg'].decode('hex')
msg = msg[:int(data['Len'])]
md = data['MD'].decode('hex')
try:
c = Crypto(mac=alg, crid=crid,
maclen=hashlen)
except EnvironmentError, e:
# Can't test hashes the driver does not support.
if e.errno != errno.EOPNOTSUPP:
raise
continue
_, r = c.encrypt(msg, iv="")
self.assertEqual(r, md, "Actual: " + \
repr(r.encode("hex")) + " Expected: " + repr(data) + " on " + cname)
@unittest.skipIf(cname not in shamodules, 'skipping SHA-HMAC on %s' % str(cname))
def test_sha1hmac(self):
@ -310,7 +355,7 @@ def runSHA1HMAC(self, fname):
try:
c = Crypto(mac=alg, mackey=key,
crid=crid)
crid=crid, maclen=hashlen)
except EnvironmentError, e:
# Can't test hashes the driver does not support.
if e.errno != errno.EOPNOTSUPP:
@ -319,13 +364,8 @@ def runSHA1HMAC(self, fname):
_, r = c.encrypt(msg, iv="")
# A limitation in cryptodev.py means we
# can only store MACs up to 16 bytes.
# That's good enough to validate the
# correct behavior, more or less.
maclen = min(tlen, 16)
self.assertEqual(r[:maclen], mac[:maclen], "Actual: " + \
repr(r[:maclen].encode("hex")) + " Expected: " + repr(data))
self.assertEqual(r[:tlen], mac, "Actual: " + \
repr(r.encode("hex")) + " Expected: " + repr(data))
return GendCryptoTestCase